Focus

User-ID Features

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Panorama Features

GlobalProtect Features

User-ID Features

Learn about the new User-ID™ features in PAN-OS 9.1.

New User-ID Feature	Description
Include Username in HTTP Header Insertion Entries	Allows the firewall to relay a user’s identity when they are accessing your network through secondary security appliances that are connected to your Palo Alto Networks firewall. You can configure your firewall to include the username in the HTTP header so that other security appliances in your network can identify the user without additional infrastructure (such as proxies used to insert the username). This simplifies deployment, reduces page-load latency, and eliminates multiple authentications for users.
Dynamic User Groups	You can now use tags to dynamically group users and automate security, decryption, or authentication actions for the group based on user behavior (such as downloading risky software). You can gather information from security sources such as Cortex XDR, User and Entity Behavior Analytics (UEBA), or Security Information and Event Management (SIEM) and use that data to determine a user’s risk level. By using these sources to gain a more comprehensive view of the user’s risk level than provided by directory attributes, the firewall can now interpret user and device information to define user groups that mitigate threats and vulnerabilities regardless of the user’s device or location. These tag-based groups can also provide temporary access for users who need temporary privilege escalation to fix an issue on a production system they wouldn’t normally have access to without requiring you to create rules or modify directories.

New User-ID Feature

Description

Include Username in HTTP Header Insertion Entries

Allows the firewall to relay a user’s identity when they are accessing your network through secondary security appliances that are connected to your Palo Alto Networks firewall. You can configure your firewall to include the username in the HTTP header so that other security appliances in your network can identify the user without additional infrastructure (such as proxies used to insert the username). This simplifies deployment, reduces page-load latency, and eliminates multiple authentications for users.

Dynamic User Groups

You can now use tags to dynamically group users and automate security, decryption, or authentication actions for the group based on user behavior (such as downloading risky software). You can gather information from security sources such as Cortex XDR, User and Entity Behavior Analytics (UEBA), or Security Information and Event Management (SIEM) and use that data to determine a user’s risk level. By using these sources to gain a more comprehensive view of the user’s risk level than provided by directory attributes, the firewall can now interpret user and device information to define user groups that mitigate threats and vulnerabilities regardless of the user’s device or location. These tag-based groups can also provide temporary access for users who need temporary privilege escalation to fix an issue on a production system they wouldn’t normally have access to without requiring you to create rules or modify directories.

Panorama Features

GlobalProtect Features

Next-Generation Firewall Docs

User-ID Features

Next-Generation Firewall Docs

User-ID Features

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner